If the @Security decorator is used on a controller class, there appears to be no way to override that setting for a specify method. It would be useful if there was an @AllowAnonymous decorator that we could use to override the security for a specific method - much like the AllowAnonymousAttribute in .net Core
I'm submitting a ...
I confirm that I
@Route("Foo")
@Security("BearerAuth")
export class FooController extends Controller {
// This method implicitly has security applied to it
@Get("foo")
public foo() {}
// This method implicitly has security applied to it
@Get("bar")
public bar() {}
// This method is explicitly open
@Get("baz")
@AllowAnonymous()
public baz() {}
}
// This controller has no default security
@Route("Foo")
export class FooController extends Controller {
// This method explicitly has security applied to it
@Get("foo")
@Security("BearerAuth")
public foo() {}
// This method explicitly has security applied to it
@Get("bar")
@Security("BearerAuth")
public bar() {}
// This method is implicitly open
@Get("baz")
public baz() {}
}
Add an @AllowAnonymous decorator.
Version of the library: 3.0.4
Version of NodeJS: 10.19.0
The current method involves removing the @Security decorator from the class and applying it to every method, except the anonymous method. This is undesirable as it an omission will default to insecure. It's also cleaner as fewer decorators are required.
No
I'd like to find a better name, maybe @AllowUnauthorized() or @NoSecurity(), but the idea seems good.
@WoH I would like to add it 馃槃
I've created a PR - #684 - that might fix this (be gentle, I'm new to this project!). It has no unit tests nor any documentation at the moment, but I'd like to get the opinion of the maintainers before I go all out...
@WoH I would like to add it 馃槃
I've just realised that @dimitor115 may have meant that he wanted to do the PR rather than that he'd like to see it added. So maybe my PR isn't needed.
I've created a PR - #684 - that might fix this (be gentle, I'm new to this project!). It has no unit tests nor any documentation at the moment, but I'd like to get the opinion of the maintainers before I go all out...
Don't worry, especially because the PR looks great so far :+1:
I haven't had time to look at the details, but the approach looks good to me!
Wow, that was quicker than I expected. Thanks.